Piteball
/
android_kernel_samsung_msm8976
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity
android_kernel_samsung_msm8976/drivers
History
He, Bo b87bfcc214 HID: debug: fix race condition with between rdesc_show() and device removal 
[ Upstream commit cef0d4948cb0a02db37ebfdc320e127c77ab1637 ]

There is a race condition that could happen if hid_debug_rdesc_show()
is running while hdev is in the process of going away (device removal,
system suspend, etc) which could result in NULL pointer dereference:

	 BUG: unable to handle kernel paging request at 0000000783316040
	 CPU: 1 PID: 1512 Comm: getevent Tainted: G     U     O 4.19.20-quilt-2e5dc0ac-00029-gc455a447dd55 #1
	 RIP: 0010:hid_dump_device+0x9b/0x160
	 Call Trace:
	  hid_debug_rdesc_show+0x72/0x1d0
	  seq_read+0xe0/0x410
	  full_proxy_read+0x5f/0x90
	  __vfs_read+0x3a/0x170
	  vfs_read+0xa0/0x150
	  ksys_read+0x58/0xc0
	  __x64_sys_read+0x1a/0x20
	  do_syscall_64+0x55/0x110
	  entry_SYSCALL_64_after_hwframe+0x49/0xbe

Grab driver_input_lock to make sure the input device exists throughout the
whole process of dumping the rdesc.

[jkosina@suse.cz: update changelog a bit]
Signed-off-by: he, bo <bo.he@intel.com>
Signed-off-by: "Zhang, Jun" <jun.zhang@intel.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2019-07-27 22:10:41 +02:00
..
accessibility
acpi ACPI: APEI / ERST: Fix missing error handling in erst_reader() 2019-07-27 21:46:19 +02:00
amba
android binder: Remove Samsung special not in any upstream code 2019-07-27 22:09:15 +02:00
ata treewide: Fix typo in Documentation/DocBook 2019-07-27 22:10:20 +02:00
atm
auxdisplay
base treewide: Fix typo in Documentation/DocBook 2019-07-27 22:10:20 +02:00
battery Import T813XXS2BRC2 kernel source changes 2018-05-26 00:39:42 +02:00
battery_v2
bcma
bif
block Revert "block/loop: Use global lock for ioctl() operation." 2019-07-27 22:10:39 +02:00
bluetooth bluetooth: Define proper kernel messages 2019-07-27 22:08:39 +02:00
bus
cdrom
char diag: Handle data ready notification properly 2019-07-27 22:08:48 +02:00
clk ANDROID: fix uninitilized variable 2019-07-27 22:10:15 +02:00
clocksource Merge tag 'LA.BR.1.3.6-05410-8976.0' of https://source.codeaurora.org/quic/la/kernel/msm-3.10 into HEAD 2018-02-06 13:11:45 +01:00
connector
coresight
cpufreq ANDROID: fix uninitilized variable 2019-07-27 22:10:15 +02:00
cpuidle lpm-levels: Remove kfree for memory allocated with devm_kzalloc 2019-07-27 22:08:40 +02:00
crypto msm: ice: check for crypto engine availability 2019-07-27 22:08:47 +02:00
dca
debug
debug_32
devfreq dev_freq: devfreq_spdm: add null terminator to prevent OOB access 2019-07-27 21:50:47 +02:00
dio
dma
edac
eisa
esoc
extcon
fingerprint
firewire
firmware
gpio soc: qcom: Remove smp2p test support 2019-07-27 22:08:44 +02:00
gpu treewide: Fix typo in Documentation/DocBook 2019-07-27 22:10:20 +02:00
hid HID: debug: fix race condition with between rdesc_show() and device removal 2019-07-27 22:10:41 +02:00
hsi
hv
hwmon
hwspinlock
i2c i2c: dev: prevent adapter retries and timeout being set as minus value 2019-07-27 21:53:34 +02:00
ide UPSTREAM: block: disable entropy contributions for nonrot devices 2019-07-27 21:47:56 +02:00
idle
iio iio:kfifo_buf: check for uint overflow 2019-07-27 21:52:28 +02:00
infiniband
input treewide: Fix typo in Documentation/DocBook 2019-07-27 22:10:20 +02:00
iommu iommu/amd: Finish TLB flush in amd_iommu_unmap() 2019-07-27 21:44:19 +02:00
ipack
irqchip
isdn
leds
lguest
macintosh
mailbox
md dm kcopyd: avoid softlockup in run_complete_job 2019-07-27 21:51:38 +02:00
media media: v4l: ioctl: Validate num_planes for debug messages 2019-07-27 22:10:17 +02:00
memory
memstick
message
mfd mfd: omap-usb-tll: Fix inverted bit use for USB TLL mode 2019-07-27 21:44:34 +02:00
misc dsp: codecs: fix range check for audio buffer copying 2019-07-27 22:08:47 +02:00
mmc mmc: mmc: fix switch timeout issue caused by jiffies precision 2019-07-27 22:08:58 +02:00
motor
mtd UPSTREAM: block: disable entropy contributions for nonrot devices 2019-07-27 21:47:56 +02:00
muic muic: Fix WRITE redefined compile error 2019-07-27 22:05:59 +02:00
net slip: make slhc_free() silently accept an error pointer 2019-07-27 22:10:41 +02:00
nfc
ntb
nubus
of of: fdt: add missing allocation-failure check 2019-07-27 21:44:47 +02:00
oprofile
parisc
parport
pci PCI / PM: Force devices to D0 in pci_pm_thaw_noirq() 2019-07-27 21:46:19 +02:00
pcmcia
phy
pinctrl pinctrl: Really force states during suspend/resume 2019-07-27 21:49:40 +02:00
platform msm:ipa:Prevent rt rule deletion if rt rule id is invalid 2019-07-27 22:10:28 +02:00
pnp
power ANDROID: fix uninitilized variable 2019-07-27 22:10:15 +02:00
pps
ps3
ptp
pwm
rapidio
regulator treewide: Fix typo in Documentation/DocBook 2019-07-27 22:10:20 +02:00
remoteproc
reset
rpmsg
rtc rtc: sh: Fix invalid alarm warning for non-enabled alarm 2019-07-27 22:10:38 +02:00
s390 UPSTREAM: block: disable entropy contributions for nonrot devices 2019-07-27 21:47:56 +02:00
sbus
scsi treewide: Fix typo in Documentation/DocBook 2019-07-27 22:10:20 +02:00
sensorhub
sensors
sfi
sh
slimbus
sn
soc ANDROID: fix uninitilized variable 2019-07-27 22:10:15 +02:00
soundwire
spi
spmi
ssb
ssbi
staging ANDROID: Remove conflicting Samsung options for upstream changes 2019-07-27 22:09:50 +02:00
switch
target scsi: target: fix __transport_register_session locking 2019-07-27 21:51:38 +02:00
tc
thermal msm: thermal: validate userspace args to prevent buffer overflow. 2019-07-27 22:10:00 +02:00
tty tty: make n_tty_read() always abort if hangup is in progress 2019-07-27 21:49:23 +02:00
uio uio: Fix an Oops on load 2019-07-27 22:06:01 +02:00
usb USB: core: Fix unterminated string returned by usb_string() 2019-07-27 22:10:38 +02:00
uwb
vfio
vhost
video ANDROID: fix uninitilized variable 2019-07-27 22:10:15 +02:00
virt
virtio
vlynq
vme
w1
watchdog
xen
zorro
Kconfig
Makefile